dtt83024 2011-06-24 00:02

MediaWiki authentication replacement shows "Login Required" instead of signing the user in to the wiki

I'm fairly new to MediaWiki and needed a way to automatically log users in after they authenticated to a central server (which creates a session and cookie for applications to use).

I wrote a custom authentication extension based off of the LDAP Authentication extension and a few others. The extension simply needs to read some session data to create or update a user and then log them in automatically. All the authentication is handled externally. A user would not be able to even access the wiki website without logging in externally.

This extension was placed into production which replaced the old standard MediaWiki authentication system. I also merged user accounts to prepare for the change. By default, a user must be logged in to view, edit, or otherwise do anything in the wiki.

My problem is that I found if a user had previously used the built-in MediaWiki authentication system and returned to the wiki, my extension would attempt to auto-login the user, however, they would see a "Login Required" page instead of the page they requested like they were an anonymous user. If the user then refreshed the page, they would be able to navigate, edit, etc.

From what I can tell, this issue resolves itself after the UserID cookie is reset or created fresh (but has been known to strangely come up sometimes). To replicate, if there is an older User ID in the "USERID" cookie, the user is shown the "Login Required" page which is a poor user experience. Another way of showing this page is by removing the user account from the database and refreshing the wiki page. As a result, the user will again see the "Login Required" page.

Does anyone know how I can use debugging to find out why MediaWiki thinks the user is not signed in when the cookies are set properly and all it takes is a page refresh?

Here is my extension (simplified a little for this post):

<?php

$wgExtensionCredits['parserhook'][] = array (
    'name' => 'MyExtension',
    'author' => '',
);

if (!class_exists('AuthPlugin')) {
    require_once ( 'AuthPlugin.php' );
}

class MyExtensionPlugin extends AuthPlugin {

    function userExists($username) {
        return true;
    }

    function authenticate($username, $password) {

        $id = $_SESSION['id'];
        if ($username == $id) { // compare, not assign: "=" made this always pass for a non-empty id
          return true;
        } else {
          return false;
        }

    }

    function updateUser(& $user) {
        $name = $user->getName();
        $user->load();

        $user->mPassword = ''; 
        $user->mNewpassword = '';
        $user->mNewpassTime = null;

        $user->setRealName($_SESSION['name']);
        $user->setEmail($_SESSION['email']);
        $user->mEmailAuthenticated = wfTimestampNow();
        $user->saveSettings();

        return true;
    }

    function modifyUITemplate(& $template) { 
        $template->set('useemail', false); 
        $template->set('remember', false); 
        $template->set('create', false); 
        $template->set('domain', false); 
        $template->set('usedomain', false); 
    } 

    function autoCreate() {
        return true;
    }

    function disallowPrefsEditByUser() {
        return array (
            'wpRealName' => true,
            'wpUserEmail' => true,
            'wpNick' => true
        );
    }

    function allowPasswordChange() {
        return false;
    }


    function setPassword( $user, $password ) {
        return false;
    }


    function strict() {
        return true;
    }

    function initUser( & $user ) {
    }

    function updateExternalDB( $user ) {
        return false;
    }

    function canCreateAccounts() {
        return false;
    }

    function addUser( $user, $password ) {
        return false;
    }

    function getCanonicalName( $username ) {
        return $username;
    }
}


function SetupAuthMyExtension() {
    global $wgHooks;
    global $wgAuth;

    $wgHooks['UserLoadFromSession'][] = 'Auth_MyExtension_autologin_hook';
    $wgHooks['UserLogoutComplete'][] = 'Auth_MyExtension_UserLogoutComplete';
    $wgHooks['PersonalUrls'][] = 'Auth_MyExtension_personalURL_hook';
    $wgAuth = new MyExtensionPlugin();
}

function Auth_MyExtension_autologin_hook($user, &$return_user ) {
    global $wgUser;
    global $wgAuth;
    global $wgContLang;

    wfSetupSession();

    // Give us a user, see if we're around
    $tmpuser = new User() ;
    $rc = $tmpuser->newFromSession();
    $rc = $tmpuser->load();

    if( $rc && $rc->isLoggedIn() ) {
        if ( $rc->authenticate($rc->getName(), '') ) {
            return true;
        } else {
            $rc->logout();
        }
    }

    $id = trim($_SESSION['id']);
    $name = ucfirst(trim($_SESSION['name']));

    // $dsid was never defined; the session id read above is $id
    if (empty($id)) {
        $result = false;    // Deny access
        return true;
    }

    $user = User::newFromName($id);

    if (0 == $user->getID() ) {
        // we have a new user to add...     
        $user->setName( $id);
        $user->addToDatabase();
        $user->setToken();
        $user->saveSettings();

        $ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
        $ssUpdate->doUpdate();

    } else {
        $user->saveToCache();
    }

    // update email, real name, etc.
    $wgAuth->updateUser( $user );

    $result = true;
    // Go ahead and log 'em in
    $user->setToken();
    $user->saveSettings();
    $user->setupSession();
    $user->setCookies();    
    return true;

}

function Auth_MyExtension_personalURL_hook(& $personal_urls, & $title) {
    global $wgUser;
    unset( $personal_urls['mytalk'] );
    unset($personal_urls['Userlogin']);
    $personal_urls['userpage']['text'] = $wgUser->getRealName();

    foreach (array('login', 'anonlogin') as $k) {
        if (array_key_exists($k, $personal_urls)) {
            unset($personal_urls[$k]);
        }
    }
    return true;
}


function Auth_MyExtension_UserLogoutComplete(&$user, &$inject_html, $old_name) { 
    setcookie( $GLOBALS['wgCookiePrefix'] . '_session', '', time() - 3600, $GLOBALS['wgCookiePath']);
    setcookie( $GLOBALS['wgCookiePrefix'] . 'UserName', '', time() - 3600, $GLOBALS['wgCookiePath']);
    setcookie( $GLOBALS['wgCookiePrefix'] . 'UserID', '', time() - 3600, $GLOBALS['wgCookiePath']);
    setcookie( $GLOBALS['wgCookiePrefix'] . 'Token', '', time() - 3600, $GLOBALS['wgCookiePath']);
    return true;
}


?>

Here is part of my LocalSettings.php file:

#############################
# Disallow Anonymous Access
#############################
$wgGroupPermissions['*']['read']            = false;
$wgGroupPermissions['*']['edit']            = false;
$wgGroupPermissions['*']['createpage']      = false;
$wgGroupPermissions['*']['createtalk']      = false;
$wgGroupPermissions['*']['createaccount']   = false;
$wgShowIPinHeader = false; # For non-logged in users

#############################
# Extension: MyExtension
#############################
require_once("$IP/extensions/MyExtension.php");
$wgAutoLogin = true;
SetupAuthMyExtension();
$wgDisableCookieCheck = true;

1 answer

  • dongxu4580 2011-07-07 23:21

    I found out the reason why this problem was occurring. When a user had previously signed into the wiki, an old cookie with the old user ID was set. MediaWiki attempted to read this cookie and found that it did not match the database, so for security purposes a "login required" page was shown to the user.

    To get past this issue, users can simply refresh the page, clear their cookies prior to login, or the admin can allow guest access to read pages.

    Alternatively, a change to the core file set can be made temporarily to bypass the check.

    This answer was selected by the asker as the best answer.
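
A simplified model of the behaviour described in the answer above, added here as an example; it is not MediaWiki's code or the asker's extension, and the function names, account table and cookie values are constructed. It shows why the first request with stale cookies is treated as anonymous while a refresh succeeds, and how treating the server-side SSO session as authoritative avoids that extra round trip.

```php
<?php
// Simplified model; all names and values are constructed for illustration.
$accounts = array(42 => array('name' => 'Jdoe', 'token' => 'new-token-aaaa'));

// Identify the caller from the cookies the browser SENT; 0 means anonymous.
function identifyFromCookies(array $cookies, array $accounts) {
    if (!isset($cookies['UserID'], $cookies['Token'])) {
        return 0;
    }
    $id = (int) $cookies['UserID'];
    if (!isset($accounts[$id])) {
        return 0; // stale id: no matching account in the database
    }
    // Constant-time comparison of the stored token with the cookie token.
    if (!hash_equals($accounts[$id]['token'], (string) $cookies['Token'])) {
        return 0;
    }
    return $id;
}

// One request/response cycle. $sent: cookies the browser sent; $ssoId: id the
// central login stored in the server-side session. Returns array(page, next cookies).
function handleRequest(array $sent, $ssoId, array $accounts, $trustSso) {
    $who = identifyFromCookies($sent, $accounts);
    $ssoValid = $ssoId && isset($accounts[$ssoId]);
    // Fresh cookies are queued for the response (as with setcookie()); the
    // cookies already read for THIS request do not change.
    $next = $ssoValid
        ? array('UserID' => $ssoId, 'Token' => $accounts[$ssoId]['token'])
        : $sent;
    if ($who === 0 && $trustSso && $ssoValid) {
        $who = $ssoId; // server-side session wins over stale client cookies
    }
    return array($who ? 'requested page' : 'Login Required', $next);
}

// Browser still holds cookies from the old built-in login.
$stale = array('UserID' => 7, 'Token' => 'old-token-zzzz');
$r1 = handleRequest($stale, 42, $accounts, false);  // first visit
$r2 = handleRequest($r1[1], 42, $accounts, false);  // refresh, new cookies sent
$r3 = handleRequest($stale, 42, $accounts, true);   // SSO session authoritative
printf("first=%s | refresh=%s | sso-authoritative=%s\n", $r1[0], $r2[0], $r3[0]);
```

The fallback in the last case is only sound because `$ssoId` comes from server-side session state; a value the client can set must never be used there.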